Identity theft and its related crimes have recently become prevalent. Many individuals, merchants and financial institutions have already suffered tremendous material loss and damages as a result of these financial crimes.
If a perpetrator can steal another person's identity, he/she can easily commit many kinds of financial crimes based on the stolen identity. Therefore, protecting the identity of a person is crucial to preventing many types of financial crimes.
Some vendors offer identity theft protection for individuals. However, these vendors can only prevent a limited scope of identity theft. For example, some vendors may charge an individual a fee to post a “fraud alert” on behalf of the individual with all major credit report companies such as Equifax, TransUnion, Experian, etc. According to the Fair Credit Reporting Act, 15 U.S.C. §1681c-1, a user of a credit report, e.g. a credit card company, must contact the consumer if a credit application is received on behalf of the consumer and there is a fraud alert in the credit report of the consumer. In fact, consumers can post “fraud alerts” with credit report companies by themselves.
When a perpetrator (“fraudster”) uses the identity of a consumer, who has posted a “fraud alert,” to open a credit card account, the credit card company may order a credit report to review the credit history of the consumer. As a result of the Fair Credit Reporting Act, the consumer will be contacted by the credit card company during the account opening process because there is a fraud alert in the credit report of the consumer. Consequently, a perpetrator will not be able to open this account after the credit card company contacts the consumer and determines that the consumer did not apply for the credit card account.
This kind of protection has a very limited scope, however. It can only work if the financial institution, such as the credit card company, happens to use the credit report which has a fraud alert. In reality, many identity theft cases do not involve opening a new account with another person's identity.
Moreover, in order to post a “fraud alert” on behalf of a consumer, a vendor has to collect detailed personal information of the consumer because the credit report companies have to verify the identity of the consumer before allowing him/her to post the fraud alert. Naturally, a consumer may be exposed to even greater identity theft risk because the consumer has to disclose his/her detailed personal information to the vendor, a third party, which may have employees engaged in fraud (i.e., fraudsters). Sharing personal information with third parties actually carries the risk of increased identity theft and fraud.
In addition to the examples given above, identity theft can be easily committed in the computer age because a user is often identified by a user ID and/or Personal Identification Number (“PIN”) and a password. Once a fraudster has stolen the user ID and/or PIN and password of another person, that fraudster can conduct many criminal activities through access to this account. Therefore, identity theft is a major threat to online banking, online trading, e-commerce, and many other computer related activities.
Furthermore, identity theft is often involved in payment fraud. The traditional payment instruments such as checks, credit cards, debit cards, ATM cards, etc. can be easily stolen or fabricated. Once a fraudster has stolen or fabricated such instruments of another person, the fraudster can quickly conduct many illegal payment transactions before the affected financial institutions identify the fraud and freeze the payments.
Fraudsters can commit identity theft in many ways. One objective may be to steal somebody's personal information to open a financial account. Given the fact that most financial institutions have a solid Customer Identification Program (CIP) in place as a result of the USA PATRIOT Act and FACT Act, opening a financial account with a counterfeit identity is now a difficult and risky approach to commit fraud.
An easier way to commit identity theft is to steal the information of a consumer's credit card, debit card, stored value card, etc. This can be done, for example, by bribing waiters and waitresses in restaurants to copy such information from the restaurants' guests. A fraudster can use the stolen card information to pay a nominal fee to numerous background search websites on the Internet to find useful personal information based on the consumer's name shown on the stolen card. A counterfeit card and a counterfeit identification document, such as a driver's license, can be easily fabricated with present technology. The fraudster can use the counterfeit card and the counterfeit identification document to engage, at least for several hours, in a shopping spree based on the consumer's stolen identity.
Financial institutions and merchants are losing billions of dollars every year because of this kind of identity theft. Additionally, identity theft victims must spend considerable amounts of personal time to clean up their credit records, replace cards with new account numbers, etc., after their identities are stolen.
In fact, stealing personal information can be easily committed today. Many financial institutions and merchants have kept the personal information including the information of credit cards, debit cards, etc. of their clients in their databases. It has become common for employees of financial institutions, merchants, or consumer report companies to steal customers' personal information, commit fraud, and/or sell the information to fraudsters.
In addition to credit cards, debit cards, etc., checks are still one of the most popular payment instruments today. It is easier to fabricate a counterfeit check than to fabricate a counterfeit card. There are numerous cases related to counterfeit checks which are used together with counterfeit identification documents.
Furthermore, an online merchant cannot easily tell whether a remote consumer has the correct identity. If correct credit card information, which can be obtained from a stolen credit card, and the correct billing address, which can be obtained from Internet search websites, are presented, the merchant cannot easily tell whether the remote consumer is actually a fraudster. An experienced fraudster can easily conduct identity theft through online transactions. As a result, online merchants lose a tremendous amount of money every year.
In addition, many commercial activities conducted on the Internet are based on user ID and/or PIN and password. Once the user ID and/or PIN and password of a person are stolen, there is no way to tell whether the person logging in remotely has the correct identity or not. User ID and/or PIN and password can be stolen through many ways. For example, a fraudster can obtain the User ID and/or PIN and password of a person by remotely watching or recording the finger movement of the person when he/she logs into a computer system. Phishing is another common scheme used by fraudsters to solicit personal information directly from a customer by falsely representing a financial institution or a merchant.
In summary, identity theft and its related crimes can be easily committed today and individuals, merchants and financial institutions are suffering enormous losses and damages. There is no fully reliable solution available to prevent identity theft and payment fraud. If a fraudster can steal another person's identity, he/she can easily commit all kinds of financial crimes based on this stolen identity.